Tutorials - Disabling restore

Summary: Information on disabling the restore utility when infected objects are in the restore database.
Updated: 20th March 2002
Author: Matt Ham
Company: Virus Bulletin

Procedure

The Restore utility is designed to retain a copy of important system files so that these can be extracted to replace any files deleted. Unfortunately, many anti-virus products cannot delete or disinfect files in the System Restore area (usually C:\_Restore), and these files can become infected.

In order to remove this source of infection the System Restore feature must be disabled, the files removed and then System Restore may be re-enabled. To do this the following procedure should be followed:

  • Right-click on the My Computer icon.
  • Select Properties and then the Performance tab.
  • Select File System and the Troubleshooting tab.
  • Select the option 'Disable System Restore'.
  • Select Apply and then Close twice. The System Restart prompt will appear.
  • Restart the computer.

The restarted machine will now have a C:\_Restore folder which can be disinfected or the files within it can be deleted or moved as desired.

In order to restore the System Restore function, the above process should be followed once more, with step four being reversed.

Poll

Do you use the same password(s) across multiple websites?
I use the same password for all sites
I have a number of passwords but use the same for some sites
I use a different password for each site
I don't sign up to any sites that require a password

Leave a comment
View 4 comments
Jobs Career Sidebar

VB2010

VB2010 VB2010 will take place 29 September-1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada. Early bird discount available until 15th June 2010.
Virus Bulletin currently has 190,995 registered users.